Cloud servers, cloud-based web hosting services, private cloud, public cloud, hybrid cloud, intelligent cloud—the hodgepodge of cloud hosting language often confuses us all. But which one is right for you? And which hosted option offers the right network for your accounting software? And really…is there any difference when it comes to hosting QuickBooks®?
In this post, Jeff Siegel (owner of Siegel Solutions) will help walk us through:
- Why you should care where your information is being stored.
- What differences exist between a home-grown, self-managed cloud solution and hosting from a provider.
- How to keep QuickBooks secure—no matter if you’re hosting in-house or with a cloud provider.
Security is a selling point
Accounting professionals tend to have two major concerns when it comes to securing their QuickBooks:
- Will I—or my clients—ever lose access to QuickBooks data?
- Could personally identifiable information (PII) be taken from my QuickBooks data?
Not only should you be able to answer those questions for your accounting firm, but you should also be able to tell your clients upfront exactly how you’re securing their data.
In today’s ruthless, uber-connected landscape, security is a selling point.
If you use a cloud hosting provider, they’ll give you the exact safeguards you need to ensure the answers to your two questions above are “no.” If your cloud solution is home-grown and in-office…well, you’re probably shrugging, “Who knows?”
Here’s Siegel’s take on home-grown, accounting firm-managed, in-office servers: “Many people claim their data is ‘in the cloud [and therefore safe].’ The fact of the matter is: Their data is sitting on a physical server in a physical location that is accessible through an internet connection.”
Few safeguards are put in place to protect that physical server from accidental damage or malicious hackers, if any. Accounting firms simply don’t have the time or resources to give their servers the security measures they require.
Why hackers target on-premises servers
If you work at an accounting firm, you’re likely using desktop solutions from at least one of the following:
And because these robust programs require a lot of processing power and storage capacity, you’re likely storing them on a server in your office rather than directly on your desktop computer.
These self-managed server solutions are the favorite targets of hackers because:
- There’s an assumption these solutions aren’t as secure.
- Servers are hosting more and more applications (not just QuickBooks). And more applications = more information = more black market earning potential.
“It’s logical to assume that data that is being compromised is ‘in the cloud’ at a cloud provider. But in reality, much of this data is actually being hacked from on-premises servers that do not have the security a cloud provider would have.”
– Jeff Siegel, Siegel Solutions
Jeff said it best: It’s completely plausible to assume data outside of your physical reach is less secure. However, today, that’s simply not true.
Your cloud vs. cloud hosting
Using data from conversations, consultations and accounting firm walkthroughs, let’s take a look at how a typical firm’s server compares to a cloud hosting provider’s.
Firm-operated server |
Cloud hosting provider server |
| Purchasing hardware and software (e.g., servers, backup systems, power supply units, software licenses) can be expensive. | Cloud hosting providers operate on a subscription-based model, spreading costs out over time and making them more predictable. |
| Physical damage can occur more easily due to access to the hardware by employees, contractors and other professionals in the office environment. | Servers are located in locked-down, access- and climate-controlled facilities with security cameras and security guards protecting them 24/7. |
| A true backup policy and procedure may not be in place, or redundant hardware may not be in place to ensure continual access in the event of an issue. | Data on one server is backed up on another server in an additional, just-as-secure location. |
| Security breaches may not be detected. | Servers are patched and updated continuously, keeping them secure from vulnerabilities. |
| Permissions, in many cases, allow access to critical server components or directories where files are shared. | Technology is constantly updated, helping with security, speed and access. |
| There are no dedicated personnel to ensure the security of the server is monitored. | Software is in place to monitor any potential virus threats or downloads. |
| Ports to the internet are left open or are opened for certain software, allowing for security breaches; viruses can be accidentally downloaded by employees. | Full-time personnel monitor the environment, test applications on the environment for any security lapses and support the end users. |
| Remote access to data on in-house servers can be limited and less secure. | Cloud services can be securely accessed from anywhere with an internet connection. |
But wait, there’s more…
In addition to the above, the benefits of the cloud are expansive. Cloud providers adhere to strict compliance standards, so firms can more easily meet regulatory requirements. They also include access to advanced technologies, like AI and machine learning, which enhance data analysis and business intelligence.
Local server ≠ secure server
Furthermore, Jeff explains: “Let’s not be fooled into thinking that if the data is local, it is secure. Accounting professionals and their clients should focus on growing and managing their businesses; not on trying to protect their data in their local environment.”
Here are a few of Jeff’s best tips for keeping your QuickBooks (and other accounting and tax software) secure, no matter how it’s hosted:
Whether your QuickBooks data is in the cloud or on your local servers, here are some tips for keeping your data safe:
- Implement robust password policies. Require the use of complex passwords and change them frequently.
- Use multifactor authentication (MFA). Implement MFA for all accounts to ensure an extra layer of security.
- Update software and systems regularly. Keep all software up to date with the latest security patches to protect against vulnerabilities and exploits.
- Conduct regular security training. Provide ongoing cybersecurity training for staff to educate them about phishing attacks, social engineering and other common threats.
- Use firewalls and antivirus software. Deploy firewalls to protect your network from unauthorized access, and use reputable antivirus software to detect and prevent malware infections.
- Encrypt sensitive data. Make sure sensitive data is always encrypted in case it’s intercepted or accessed without authorization. Better yet, store sensitive data with a trusted, secure hosting provider.
- Implement access controls. Use role-based access controls to limit data access only to those employees who need it. Regularly review and update access permissions as roles and responsibilities change.
- Perform regular data backups. Regularly back up all critical data to secure, off-site locations. This ensures data recovery in the event of a ransomware attack or other data loss incidents.
- Conduct regular security audits. If possible, hire certified security professionals to test the sophistication of your data protection.
- Create a WISP. Finally, develop and maintain a Written Information Security Plan (WISP) that outlines the steps to take in case of a security incident or data breach.
Reap the benefits of cloud hosting
In conclusion, while in-house servers offer control and potential customization, their high costs, maintenance burdens and security challenges often make cloud hosting providers a more attractive option for accounting firms.
If you’re ready to get your firm in a secure cloud environment, get started with Rightworks OneSpace today!
